1 / 16

Reverse Engineering .NET

Reverse Engineering .NET. Presented By: Joe Kuemerle @ jkuemerle www.speakerrate.com/jkuemerle. Background of Joe Kuemerle. Lead Developer at PreEmptive Solutions Over 14 years of development experience with a broad range of technologies

anka
Download Presentation

Reverse Engineering .NET

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reverse Engineering .NET Presented By: Joe Kuemerle @jkuemerle www.speakerrate.com/jkuemerle

  2. Background of Joe Kuemerle • Lead Developer at PreEmptive Solutions • Over 14 years of development experience with a broad range of technologies • Focused on application and data security, coding best practices and regulatory compliance • Presenter at user groups, code camps, CodeMash 2009 and MSDN Developer Conference 2009

  3. Why Reverse Engineer?

  4. Reasons To Reverse Engineer • Curiosity – see how things work • Risk Management – see what the bad guys see • Recovery – recover lost / damaged source • Illegal Activity – be the bad guy Random fact: According to a 2007 FBI study 70% of network abuse is due to insiders.

  5. Ease of Reverse Engineering .NET • Why is it easy to reverse engineer .NET? • All high level source is compiled to MSIL • IL is verbose (compared to assembly) • IL is well documented (CLI specification) • Open source compiler to reference • Shared Source CLI compiler • Rich metadata included in assembly • Support for reflection means code using reflection must be self describing, by default all that information is embedded in assemblies

  6. What Can Be Reverse Engineered • Any Managed Portable Executable (PE)

  7. Availability of Tools • Native reverse engineering tools tend to actually cost money • IDA Pro • $515 and up • Syser debugger $198 and up • DevPartner $2,400

  8. Availability of Tools • Managed tools tend to cost less • ILDASM/ILASM - $0 • Reflector - $0 • Dile - $0 • WPF Snoop - $0 • Silverlight Spy - $0 • Mono Cecil Decompiler - $0

  9. So what, it’s free and easy. Big deal! • Once you (or someone else) has this knowledge what can they do? • Look to see exactly how things *really* work • Find out things they might not need to know • Passwords • Encryption Keys • Secret data • Alter functionality • Bypass authentication checks • Unlock functionality • Alter the user interface • Add malicious code

  10. Demo Time

  11. Now What? • So, how do I stop all this monkeying around with my code? • You don’t stop it. All you can do is raise the bar

  12. Raising Defenses • There are some steps you can take to make life more difficult to deter the casual attacker • Strong Name assemblies to prevent alteration • Authenticode signing for commercial applications • Do not embed secrets in the binaries • Use DPAPI to encrypt secrets • Public key signature validation • Obfuscation

  13. Questions and Answers

  14. References (Tools) • Reflector :http://www.red-gate.com/products/reflector/index.htm • Reflector Plug In Page : http://www.codeplex.com/reflectoraddins • Dile : http://sourceforge.net/projects/dile • Snoop : http://blois.us/Snoop/ • Silverlight Spy : http://firstfloorsoftware.com/silverlightspy

  15. References (Articles) • Brian Long : Reverse Engineering To Learn .NET Better • http://www.blong.com/Conferences/DCon2003/ReverseEngineering/ReverseEngineering.htm • David Cumps : Reverse Engineering with Reflector and Reflexil • http://blog.cumps.be/reverse-engineering-with-reflector-and-reflexil • Jason Haley • http://jasonhaley.com • Jason Bock • http://www.jasonbock.net/JB

  16. Photo Attributes • http://flickr.com/photos/calavera/65098350/ • http://flickr.com/photos/epitti/199843720/ • http://flickr.com/photos/moriza/77481889/ • http://flickr.com/photos/dannyboyster/60371673/ • http://flickr.com/photos/20406121@N04/2632344166/ • http://flickr.com/photos/rogersmith/126697530/ • http://flickr.com/photos/docman/36125185/ • http://flickr.com/photos/frozen-in-time/3858611/ • http://flickr.com/photos/chubbybat/62206640/

More Related